Cross-domain authentication is here! Big milestone reached!

in #engrave5 years ago (edited)

Wow, what a great update! Making it so that users don't have to log in every time is definitely a huge improvement to the user experience. I'm very impressed with the amount of work that has been put into this update as well.

As for the code, it's mostly really great, but there are some things that I was wondering. In files such as sso_rest.js var is used a lot and the quality in general seems a bit lower than other parts of the codebase. For example, in authorize.ts the quality of the code is better, and const is used instead of var. I'm guessing that the former was taken from somewhere else, whereas the latter was written by yourself? If that's the case, then in my opinion you should mention this somewhere in the code at least, and maybe even in the post itself.

Either way, as I said before, this is a great update and it's obvious a lot of work went into it. For this reason, I will be picking it as a "staff pick", which means it will receive the highest reward possible for the development category. Looking forward to seeing more contributions from you guys in the future!

P.S. it says Jason instead of JSON, haha.

Need help? Chat with us on Discord.


Thank you, I really appreciate your feedback and decision!

In files such as sso_rest.js var is used a lot and the quality in general seems a bit lower than other parts of the codebase

The entire concept of SSO was adopted from this project, and some file was untouched, like sso_rest.js (four files if I remember correctly). It looks like a POC and some files could be written much better of course. I just wanted to focus on "bigger picture" of this update. But indeed, it's necessary to refactor those files. I will do it myself or maybe open an issue on Github and let to do it by one of the Utopian users? :)

I am aware of varied code quality. Engrave codebase is a one-man-job. I personally wrote every single line of code (except for some files like CSS for themes or those third-party solutions mentioned above) and gained a lot of experience doing that. There are still a lot of places that need to be refactored but I think I'm going in the right direction. Development is now much easier than previously. And I feel better as a backend than frontend developer as you can tell from both code quality and some imperfections of appearance. And I'm focused on missing features. There will be time to fine tune everything else :)

If that's the case, then in my opinion you should mention this somewhere in the code at least, and maybe even in the post itself.

I'm going to post more detailed technical articles as part of "Engineering" category of and there this information will be provided with all other details.

P.S. it says Jason instead of JSON, haha.

Wait, what? Where? There's nothing like that, and never was ;)

Is @engrave 100% open source?


Thank you for your review, @amosbastian! Keep up the good work!

Thanks for the mention! At this point, it is not possible to add custom scripts or adds to your blog but we are going to introduce "Theme manager" where you will be able to do that.

IMO @engrave would be revolutionary if it allowed optional guest commenting through disqus, ads and blacklisting users so their comments don't show up on the blog (i.e. bots and spammers). This would allow for a clean blog anyone can access, further boosted by other sources of monetization.

We're going to allow quest comments soon but without Disqus at all. Blacklisting users will be available soon as well, we're actually working at it right now :)

I have a question. I just set-up a blog using the site and was wondering if my blog becomes profitable and I want to buy my own domain, is there anyways I can upgrade from to something like, or will I have to create a new Steem account and set-up the new blog under the new Steem account?

You will be able to move your domain to custom one without the need to create another account :)

I'm trying to set up my blog. I'm trying to configure it now - need to point my custom domain to Engrave "servers". I didn't note down the servers when they first appeared, but now I can't seem to find what they are. Can you help me with the server names/addresses?

Just point A and CNAME records to :) In case of problems, visit our Discord.

PS. We're going to push a fix that will prevent situations like this :)

Thanks I'll try that now.

cool. I only have one engrave blog but I can see how this is relevant. Very nice. Good work!

Right now, every Engrave user have one blog... But previously if you wanted to interact with for example another blog, you had to log in into it specifically. Now, after this change - if you log in on your blog, you will be logged in on any other automatically.

It's working similar to Google authentication. You just need to login into your Gmail account, and you can use Calendar, Keep etc. Much, much more user-friendly :)

Awesome! :)

Excellent work!

Posted using Partiko Android

Can you comment the link of your Engrave blog?

  • I want to visit it, to see what it looks like.

Mine is

I just started. It won't be a super dynamic blog. It will work as the official site for my karate club.
I'll post some articles I usually integrate in the club newsletter. Let's see how it goes :)

Great! Will try to support you. Maybe some kind of custom template for your karate blog? :)

Thanks @rmach 😊👍🏻

Sure, you can visit it here: Engrave Blog. And here you can find much more blogs created by our users:

The latest blog was created by me, for @emaferice, and under the domain:

I clicked on the link on your site, listing as the latest blog, but it gave me a warning, saying that the site is not secure.

I clicked "Proceed anyways", and it sent me to a different blog, not

Also, when I visit, it doesn't go to a Splash page for my wife's new @engrave blog, but goes to the homepage instead.

Is all of this normal? @engrave

No, I will take a look at it right now :)

It looks like you fixed it @engrave thank you 😊👍🏻

My pleasure!

Have you guys looked into supporting the Steem Keychain extension? This should allow people to automatically log in to any site without you having to store any tokens or without the user having to put their private keys into steem connect. Feel free to reach out if you need any more info about it.

I will look into it, but to be honest - I'm not a big fan of browsers extensions because of their update policy (it's possible to inject vulnerability just by an update without even a notice). But it sure might be interesting for some users so I will research this. Thanks!

Well the same could be said for steemconnect, but with the browser extension there's at least the option to download the code and run it locally, or use the Brave browser which I believe doesn't auto-update. Additionally it's much more familiar to people who use Ethereum dapps (aka most people in the crypto space). They are used to using Metamask and are rightfully very wary of putting private keys into a website.

Also from a user experience perspective keychain is so much easier. You never have to worry about where you saved your keys and copying/pasting them, especially if you have multiple accounts. You just type in the username you want and you're good to go.

Thanks for the explanation - as I said, I will look into it definitely because it might be interesting :)

Impressive guys very impressive😎👍

Posted using Partiko iOS

I agree 😊

Thank you :)

Hello guys, congratulations for your excellent work! @engrave @wise-team
Just a couple of questions:

  • are you interested in an Italian (or Spanish, or both) tutorial to explain to these not english-spoken communities the ENGRAVE functions?
  • if so, would you be willing to support me?

Please let me know and keep up the good work!


Of course, we are interested in such tutorials as it can spread information across more potential bloggers :) We would love to see that and support as much as we can. Unfortunately, our SP amount is not so big, so we can't reward you with big upvote...

And we're going to introduce a brand new dashboard within weeks and it will change a lot of things, so maybe you should wait a bit with it?

Yes of course, I can wait, no prob. I did a tutorial for another steem dapp, you can find it on my blog if you want to have a look :) actually they are 2 posts, one for Italian and one for Spanish. Names are "Come giocare a Steem Slot Games" and "Como jugar con Steem Slot Games".

Posted using Partiko Android

Hello guys, how is going on your work? Better if I wait a little bit more in order to write the Engrave tutorial?
Sorry for bother you

Posted using Partiko Android

I think it's better to wait. I suppose it's not that far away.

Ok, just let me know when you are ready. I think engrave will be a great deal for these communities 😉 It's a really interesting project!

Posted using Partiko Android

I found your post on the trending page @engrave and must say, so far I am impressed with your initial work on creating a blogging platform with Steem login's, upvotes and comments.

I'll be very happy if I start running acrossed blogs with Steem-based comments, etc. I upvoted this post 100% and I'll follow you to observe the progress the #wise-team makes.

Thanks! You can find more blogs here: just take a look. Some of them might be empty but some of them are not :)

That was in fact very important missing feature. This should boost number of interactions between Engravians (did I just invented a word? :D). It will be much more easily to add comments to different blogs :)

I guess, with cross-domain authentication, it would be very difficult to implement a history of visited engrave blogs, right? :)

I guess, with cross-domain authentication, it would be very difficult to implement a history of visited engrave blogs, right? :)

Every time you reach Engrave blog, you need to be remotely validated, so yes - it should be easy to add the history of visited blogs ;)

Coin Marketplace

STEEM 0.18
TRX 0.09
JST 0.025
BTC 27115.79
ETH 1680.21
USDT 1.00
SBD 2.30